DotNetNuke Multiple Vulnerabilities
Secunia Advisory: SA30429
Release Date: 2008-06-02
Popularity: 1,114 views

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
DoS
Where: From remote
Solution Status: Vendor Patch

Software:DotNetNuke 3.x
DotNetNuke 4.x

Subscribe: Instant alerts on relevant vulnerabilities


Description:
Some vulnerabilities and a weakness have been reported in DotNetNuke, which can be exploited by malicious people to disclose certain information, cause a DoS (Denial of Service), manipulate certain data, and bypass certain security restrictions.

1) The problem is that it is possible to trigger the install / upgrade process, which can be exploited to cause a DoS by sending a large number of specially crafted requests or to re-execute the database scripts, resulting in data being overwritten or corrupted.

2) Errors in the logic for the UrlControl and the FileSystem API can be exploited to upload certain safe files (e.g. txt, jpg, or gif files) to restricted folders.

NOTE: "Safe" file extensions are defined in "Host Settings".

3) A weakness can be exploited to disclose the DotNetNuke version number.

The vulnerabilities and weakness are reported in versions 3.0 through 4.8.2.

Solution:
Update to version 4.8.3.

Provided and/or discovered by:
The vendor credits:
1) Tony Valenti and Joseph Ravioli
2) Tomotoshi Sugishita and Mitchell Sellers

Original Advisory:
http://www.dotnetnuke.com/News/Securi...yBulletinno14/tabid/1159/Default.aspx
http://www.dotnetnuke.com/News/Securi...yBulletinno15/tabid/1160/Default.aspx
http://www.dotnetnuke.com/News/Securi...yBulletinno16/tabid/1161/Default.aspx
http://www.dotnetnuke.com/News/Securi...yBulletinno17/tabid/1162/Default.aspx


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Subdreamer Light Global Variables SQL Injection Vulnerability // 61 views
2. Adobe Flash Player Multiple Vulnerabilities // 41 views
3. Opera Multiple Vulnerabilities // 17 views
4. Sun Java System Web Proxy Server SOCKS Module Buffer Overflows // 17 views
5. VLC Media Player Multiple Vulnerabilities // 17 views
6. Microsoft Word Malformed Object Pointer Vulnerability // 16 views
7. Microsoft Office Two Code Execution Vulnerabilities // 16 views
8. Netgear WN802T Wireless Access Point Two Vulnerabilities // 15 views
9. Microsoft Office Excel Multiple Vulnerabilities // 15 views
10. Sun Java JDK / JRE Multiple Vulnerabilities // 11 views